Description
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.
Remediation
References
https://jenkins.io/security/advisory/2018-05-09/#SECURITY-671
Related Vulnerabilities
CVE-2021-3632 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2014-0099 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2020-1959 Vulnerability in maven package org.apache.syncope.client:syncope-client-enduser
CVE-2022-34196 Vulnerability in maven package io.jenkins.plugins:rest-list-parameter
CVE-2023-48292 Vulnerability in maven package org.xwiki.contrib:xwiki-application-admintools